From 36636503f7a24bc86cbe678e6e721dda70e8588c Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 26 Apr 2016 13:13:43 +0200
Subject: [PATCH 12/12] nss-idmap: add sss_nss_getnamebycert()
---
Makefile.am | 2 +-
src/python/pysss_nss_idmap.c | 47 ++++++++++++++++++++++++++++--
src/responder/nss/nsssrv_cmd.c | 1 +
src/sss_client/idmap/sss_nss_idmap.c | 26 ++++++++++++++++-
src/sss_client/idmap/sss_nss_idmap.exports | 6 ++++
src/sss_client/idmap/sss_nss_idmap.h | 15 ++++++++++
6 files changed, 93 insertions(+), 4 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index ecaf52a84e3a260bee830152c98eafb97da4dc7c..d01f29c342bc72bd01a39e5785393fdef28822d7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -999,7 +999,7 @@ libsss_nss_idmap_la_LIBADD = \
 $(CLIENT_LIBS)
 libsss_nss_idmap_la_LDFLAGS = \
 -Wl,--version-script,$(srcdir)/src/sss_client/idmap/sss_nss_idmap.exports \
- -version-info 1:0:1
+ -version-info 2:0:2
 dist_noinst_DATA += src/sss_client/idmap/sss_nss_idmap.exports
diff --git a/src/python/pysss_nss_idmap.c b/src/python/pysss_nss_idmap.c
index 36d66f405442d63e430f92862990f1656486112d..a88ef77a3c8056e4962c35811de3dbbb18f4c9a4 100644
--- a/src/python/pysss_nss_idmap.c
+++ b/src/python/pysss_nss_idmap.c
@@ -33,7 +33,8 @@ enum lookup_type {
 SIDBYNAME,
 SIDBYID,
 NAMEBYSID,
- IDBYSID
+ IDBYSID,
+ NAMEBYCERT
 };
 static int add_dict(PyObject *py_result, PyObject *key, PyObject *res_type,
@@ -166,6 +167,28 @@ static int do_getsidbyid(PyObject *py_result, PyObject *py_id)
 return ret;
 }
+static int do_getnamebycert(PyObject *py_result, PyObject *py_cert)
+{
+ int ret;
+ const char *cert;
+ char *name = NULL;
+ enum sss_id_type id_type;
+
+ cert = py_string_or_unicode_as_string(py_cert);
+ if (cert == NULL) {
+ return EINVAL;
+ }
+
+ ret = sss_nss_getnamebycert(cert, &name, &id_type);
+ if (ret == 0) {
+ ret = add_dict(py_result, py_cert, PyBytes_FromString(SSS_NAME_KEY),
+ PyUnicode_FromString(name), PYNUMBER_FROMLONG(id_type));
+ }
+ free(name);
+
+ return ret;
+}
+
 static int do_getidbysid(PyObject *py_result, PyObject *py_sid)
 {
 const char *sid;
@@ -203,6 +226,9 @@ static int do_lookup(enum lookup_type type, PyObject *py_result,
 case IDBYSID:
 return do_getidbysid(py_result, py_inp);
 break;
+ case NAMEBYCERT:
+ return do_getnamebycert(py_result, py_inp);
+ break;
 default:
 return ENOSYS;
 }
@@ -260,7 +286,7 @@ static PyObject *check_args(enum lookup_type type, PyObject *args)
 case ENOENT: /* nothing found, return empty dict */
 break;
 case EINVAL:
- PyErr_Format(PyExc_ValueError, "Unable to retrieve argument\n");
+ PyErr_Format(PyExc_ValueError, "Unable to retrieve result\n");
 Py_XDECREF(py_result);
 return NULL;
 break;
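Review bot: In do_getnamebycert the three objects created inline for the add_dict call — `PyBytes_FromString(SSS_NAME_KEY)`, `PyUnicode_FromString(name)` and `PYNUMBER_FROMLONG(id_type)` — are never checked for NULL, so an allocation failure or a `name` that is not valid UTF-8 hands add_dict a NULL argument with a Python exception already pending. As far as this hunk shows the existing do_getsidbyid uses the same pattern, so it may be an accepted project convention; if add_dict (whose body is outside the hunk) does not guard its arguments, building the three objects into locals, checking each and releasing them on failure would be the robust form. Initialising `name` to NULL so that the unconditional `free(name)` is safe on the error paths is correct.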
@@ -339,6 +365,21 @@ static PyObject * py_getidbysid(PyObject *module, PyObject *args)
 return check_args(IDBYSID, args);
 }
+PyDoc_STRVAR(getnamebycert_doc,
+"getnamebycert(sid or list/tuple of certificates) -> dict(sid => dict(results))\n\
+\n\
+Returns a dictionary with a dictonary of results for each given certificates.\n\
+The result dictonary contain the name and the type of the object which can be\n\
+accessed with the key constants NAME_KEY and TYPE_KEY, respectively.\n\
+\n\
+NOTE: getnamebycert currently works only with id_provider set as \"ad\" or \"ipa\""
+);
+
+static PyObject * py_getnamebycert(PyObject *module, PyObject *args)
+{
+ return check_args(NAMEBYCERT, args);
+}
+
 static PyMethodDef methods[] = {
 { sss_py_const_p(char, "getsidbyname"), (PyCFunction) py_getsidbyname,
 METH_VARARGS, getsidbyname_doc },
@@ -348,6 +389,8 @@ static PyMethodDef methods[] = {
 METH_VARARGS, getnamebysid_doc },
 { sss_py_const_p(char, "getidbysid"), (PyCFunction) py_getidbysid,
 METH_VARARGS, getidbysid_doc },
+ { sss_py_const_p(char, "getnamebycert"), (PyCFunction) py_getnamebycert,
+ METH_VARARGS, getnamebycert_doc },
 { NULL,NULL, 0, NULL }
 };
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 762c26b74581acb5568b602caaef2586521f6903..64e2945a99a6f3262517aa7c817475904418a1ed 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -5525,6 +5525,7 @@ static int nss_cmd_getbycert(enum sss_cli_command cmd, struct cli_ctx *cctx)
 }
 derb64 = (const char *) body;
+ DEBUG(SSSDBG_TRACE_ALL, "cert [%s]\n", derb64);
 /* check input */
 ret = sss_cert_derb64_to_pem(cctx, derb64, &pem_cert, &pem_size);
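Review bot: The getnamebycert_doc string still describes the argument as `sid or list/tuple of certificates` and the result as `dict(sid => dict(results))`, which reads as copied from the SID lookups; the key of the result dictionary here is the certificate. I would change the signature line to `"getnamebycert(certificate or list/tuple of certificates) -> dict(certificate => dict(results))\n\` and, in the following lines, fix `dictonary` to `dictionary` (twice), `for each given certificates` to `for each given certificate` and `dictonary contain` to `dictionary contains`. py_getnamebycert leaves `module` unused exactly like the sibling wrappers, so that part is consistent.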
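Review bot: The new `DEBUG(SSSDBG_TRACE_ALL, "cert [%s]\n", derb64);` prints the client-supplied request body with `%s` before the `/* check input */` step, so it depends on `body` having been verified as NUL-terminated earlier in nss_cmd_getbycert; that earlier code and the start of the function are outside the hunk, so I can only infer that the `}` just above closes such a check. If it does not, the trace should move below the sss_cert_derb64_to_pem() call that validates the input. At TRACE_ALL this also writes the whole base64 certificate to the log on every lookup; that is acceptable for a public certificate, but logging only its length (`"cert len [%zu]\n"`) would keep trace output bounded for large certificates.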
@@ -159,7 +159,8 @@ static int sss_nss_getyyybyxxx(union input inp, enum sss_cli_command cmd ,
 case SSS_NSS_GETNAMEBYSID:
 case SSS_NSS_GETIDBYSID:
 case SSS_NSS_GETORIGBYNAME:
- ret = sss_strnlen(inp.str, SSS_NAME_MAX, &inp_len);
+ case SSS_NSS_GETNAMEBYCERT:
+ ret = sss_strnlen(inp.str, 2048, &inp_len);
 if (ret != EOK) {
 return EINVAL;
 }
@@ -209,6 +210,7 @@ static int sss_nss_getyyybyxxx(union input inp, enum sss_cli_command cmd ,
 case SSS_NSS_GETSIDBYID:
 case SSS_NSS_GETSIDBYNAME:
 case SSS_NSS_GETNAMEBYSID:
+ case SSS_NSS_GETNAMEBYCERT:
 if (data_len <= 1 || repbuf[replen - 1] != '\0') {
 ret = EBADMSG;
 goto done;
@@ -368,3 +370,25 @@ int sss_nss_getorigbyname(const char *fq_name, struct sss_nss_kv **kv_list,
 return ret;
 }
+
+int sss_nss_getnamebycert(const char *cert, char **fq_name,
+ enum sss_id_type *type)
+{
+ int ret;
+ union input inp;
+ struct output out;
+
+ if (fq_name == NULL || cert == NULL || *cert == '\0') {
+ return EINVAL;
+ }
+
+ inp.str = cert;
+
+ ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETNAMEBYCERT, &out);
+ if (ret == EOK) {
+ *fq_name = out.d.str;
+ *type = out.type;
+ }
+
+ return ret;
+}
diff --git a/src/sss_client/idmap/sss_nss_idmap.exports b/src/sss_client/idmap/sss_nss_idmap.exports
index 8aa4702416534c49176d29cee381e1c9292c4847..bd5d80212017d38334c3cdeefa47d6029f42aebb 100644
--- a/src/sss_client/idmap/sss_nss_idmap.exports
+++ b/src/sss_client/idmap/sss_nss_idmap.exports
@@ -19,3 +19,9 @@ SSS_NSS_IDMAP_0.1.0 {
 sss_nss_getorigbyname;
 sss_nss_free_kv;
 } SSS_NSS_IDMAP_0.0.1;
+
+SSS_NSS_IDMAP_0.2.0 {
+ # public functions
+ global:
+ sss_nss_getnamebycert;
+} SSS_NSS_IDMAP_0.1.0;
diff --git a/src/sss_client/idmap/sss_nss_idmap.h b/src/sss_client/idmap/sss_nss_idmap.h
index 78a8a11c1d597e7d19bb692dcaeb566b770b900e..8a6299194e7b91e084b26c0c96e2f93875a832e7 100644
--- a/src/sss_client/idmap/sss_nss_idmap.h
+++ b/src/sss_client/idmap/sss_nss_idmap.h
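Review bot: Replacing `SSS_NAME_MAX` with the bare literal `2048` in the sss_strnlen call raises or lowers the accepted input length for every existing case that falls through to it (SSS_NSS_GETNAMEBYSID, SSS_NSS_GETIDBYSID, SSS_NSS_GETORIGBYNAME and the cases above the hunk), not only for the new SSS_NSS_GETNAMEBYCERT, and it leaves a magic number where a named constant was. A base64-encoded DER certificate with a few extensions can also exceed 2048 characters, so this limit will turn valid lookups into EINVAL. I would keep `ret = sss_strnlen(inp.str, SSS_NAME_MAX, &inp_len);` for the existing cases and give SSS_NSS_GETNAMEBYCERT its own branch that calls sss_strnlen with a dedicated named limit (e.g. `SSS_CERT_B64_MAX`, a placeholder name to be defined next to SSS_NAME_MAX) sized to what the responder accepts, with the same `return EINVAL` handling. The rest of the switch and the enclosing function lie outside the hunk.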
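Review bot: sss_nss_getnamebycert rejects a NULL `fq_name` and `cert` but not a NULL `type`, yet it writes `*type = out.type;` unconditionally on success, so a caller passing NULL for type gets a crash instead of EINVAL; the guard should read `if (fq_name == NULL || type == NULL || cert == NULL || *cert == '\0') {`. The header in this same patch documents `type` as a plain out-parameter with no mention that it may be omitted, so rejecting NULL is consistent with the published contract. Note that `out` is only read when sss_nss_getyyybyxxx returns EOK, so leaving it uninitialised is fine as the hunk stands.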
@@ -124,6 +124,21 @@ int sss_nss_getorigbyname(const char *fq_name, struct sss_nss_kv **kv_list,
 enum sss_id_type *type);
 /**
+ * @brief Return the fully qualified name for the given base64 encoded
+ * X.509 certificate in DER format
+ *
+ * @param[in] cert base64 encoded certificate
+ * @param[out] fq_name Fully qualified name of a user or a group,
+ * must be freed by the caller
+ * @param[out] type Type of the object related to the SID
+ *
+ * @return
+ * - see #sss_nss_getsidbyname
+ */
+int sss_nss_getnamebycert(const char *cert, char **fq_name,
+ enum sss_id_type *type);
+
+/**
 * @brief Free key-value list returned by sss_nss_getorigbyname()
 *
 * @param[in] kv_list Key-value list returned by sss_nss_getorigbyname().
--
2.1.0
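Review bot: The `@param[out] type` line of the new doc block says `Type of the object related to the SID`, a leftover from the SID lookups; it should read ` * @param[out] type Type of the object related to the certificate`. The `@return` entry only refers to #sss_nss_getsidbyname, so a reader of this header cannot tell that, as the sss_nss_idmap.c hunks in this patch suggest, an over-long certificate string yields EINVAL and an unknown one yields ENOENT; listing the codes here would make the contract self-contained. It would also help callers to say explicitly that `cert` is the base64 of the raw DER bytes without PEM header and footer lines, since that is the most likely input mistake.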